Contrary to reports that Adobe had suggested users should pay for an upgrade to CS6 to patch a serious security hole, the company has now announced that it is “in the process of resolving these vulnerabilities” in versions CS5 and CS5.5 of its applications. The bug allows a maliciously designed TIFF file to cause a buffer overflow and act as a backdoor for malware, and it affects older versions of Photoshop, Illustrator, and Flash on both Windows and Mac.
Adobe working on a patch for ‘critical’ TIFF vulnerability in CS5 software
Adobe has announced plans to address a “critical” TIFF vulnerability in Photoshop, Illustrator, and Flash CS5, contrary to earlier reports.
Adobe has announced plans to address a “critical” TIFF vulnerability in Photoshop, Illustrator, and Flash CS5, contrary to earlier reports.
The confusion seemingly came from the original wording of the Adobe product security bulletin, which stated that “Adobe Photoshop CS6 addresses these vulnerabilities” without mentioning that a security patch for older versions was being worked on. Users of CS5 and below were understandably outraged, claiming that that for Adobe to expect them to pay for updates to patch a security flaw dubbed as “critical” was unacceptable. This move should placate users of CS5, though earlier versions seem to have been left out for now. We’ll let you know when the updated software hits, but in the meantime think twice before you open a TIFF.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
